By: Ben DiPietro | May 5, 2017 7:38 am ET:
The lack of a market standard in how cyber risks are assessed is making it difficult for insurers to expand their levels of cybersecurity coverage, but advances in cyber risk modeling are improving the ability of insurers to more accurately sell cyber policies.
These same modeling advancements also are helping to make chief information security officers more knowledgeable about the policies they are buying, said Matt Mosher, chief operating officer of A.M. Best, a ratings agency for insurance.
“With the evolution of cyber models, which have started to establish individual standards on assessing cyber risk, insureds are becoming more comfortable with their own management of the risk,” said Mr. Mosher. “Additionally, insurance companies are becoming more comfortable with their management of the risk they are taking on through specific cyber coverage.”
Technological advances are changing the risk-modeling business, allowing firms to create models with more complexity and sophistication than they previously could, while also taking advantage of much bigger data sets when contemplating risks.
And while attackers will change their tactics to adjust to any defenses or standards an organization establishes, Mr. Mosher said there still should be standards to establish the key drivers in measuring cyber risk.
“The industry is just starting to move in that direction,” he said.
While Mr. Mosher said he hasn’t seen a strong push to establish a standard on the measurement of cyber risks, he said he’s seen some industry and cyber consultants trying to build standards on measuring the level of conformity a company might have in their management of cyber risks, and the controls they have for cyber risks.
“We are still at a stage where individual models are being developed and these are setting separate standards,” he said.
To read full report – please click here.
